All the Pictures from your Phone’s SD Card are Exposed. Why, Google?

March 2, 2012

There are few things more personal than the pictures you snap with your mobile phone. While SSNs, bank account numbers, or street addresses are critical for our safety, pictures and videos take the meaning of privacy to a whole new level.

We snap pics of our dear ones, of our kids, and our friends, sometimes in situations that are meant to remain private. Now imagine how you would feel if anyone with basic programming skills and a couple of hours of spare time could steal your most personal photos. Or that all the photos stored on the SD card in your smartphone were free for the taking?

A nightmarish scenario? This is exactly how Android works right now. And iOS users, you’re not safe either.

How does it work?

Ok, so a couple of days ago, NYT broke news about an exploit that allowed iOS apps to read pictures and videos from an iPhone or iPad, without getting specific permission. The exploit works when you give apps permission to access your location data, which is something many apps request when installed. But when you grant the location-reading permission, you also unknowingly give iOS apps the permission to read all your photos and videos. Big brouhaha! Shame on you, Apple!

But it seems that Google is even worse at protecting your images. No, there is no similar exploit on Android that gives an app permission to read your photos while you think you granted it some other permission. No. Android gives all apps permission to read the photos on your SD card and do whatever they darn please with them.

How is that possible? It turns out that, rather than being a bug or an exploit, this is a FAD – a feature as designed. In other words, Android was designed from the beginning to let all apps look at the photos on your SD card.

Why is that? Because Google thought about the problem that appears when Android users have several SD cards. For example, you can have an SD card with private pics that you don’t want any app to see (I’ll leave it to your imagination to determine why), so you deny all apps the right to access the SD card. Later, you swap that SD card for another one, and now you want to grant apps access to the new card, but you can’t, because you already set a restrictive permission set. To avoid this hassle, someone on the Android team decided that we can all go without an explicit image-read permission. Voila, problem solved.

But Google, that’s like not installing locks on your home because one day you might lose your keys and need to change the locks. It doesn’t make sense!

Am I Just Paranoid?

Now, Google’s explanations about this privacy fiasco seem to make sense. After all, both Windows and OS X applications can read all your photos without any permission. Apparently, Google thought that mimicking the behavior of a PC operating system is perfectly natural.

Some say that it’s normal for smartphone apps to read your data without permission. This is how smartphone apps work. This is what MG Siegler thinks. See, MG Siegler says that too many prompts will ruin the fun, that soon our beautiful post-PC computing experience will be marred by apps that constantly prompt us for permission to do anything.

That we need to show a little trust!

But come on! You don’t run around with your Windows PC in your pocket. You don’t use it to take your most personal pics. Many of us have pics that we wouldn’t ever copy to a PC, just because they are safer on our own personal gadget that we carry around at all times and protect with a password. When you have to specifically tell your app that it can write data on your SD card, while the app can read photos from the SD card without asking for permission, where is the trust?

Right now, the permissions system used by Android and iOS is flawed, because it gives users a sense of false safety. When an app only asks if it can access your GPS location, you naturally assume that the app only gets that specific permission. So, how come that app can read your nude pics (there, I said it) and send them over to some random server?

Others argue that you just can’t stop nefarious app developers from stealing your photos. For instance, a photo viewing app that can upload pics to Twitter needs both access to your images and to the web. Permissions won’t stop it from stealing your pics. So why bother with permissions at all? But that’s not a valid argument. If a burglar really wants to break into your house, locks won’t stop him. Does that mean that we should ditch locks? No, it means that we need to have good alarm systems in place.
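To make that argument concrete, here is an added example (not code from the original post): a small Python audit that reads the output of `aapt dump permissions` for a set of APKs (a constructed sample is embedded) and, because reading the SD card needs no permission on the Android the post describes, treats INTERNET as the only permission that stands between an app and your photos leaving the device. The package names and the exact output format are assumptions.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample in the shape of `aapt dump permissions <apk>` output,
# one block per APK. Both the older bare form and the newer name='...' form
# are included so the parser copes with either.
SAMPLE_DUMPS = """\
package: com.example.flashlight
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_FINE_LOCATION

package: com.example.notes
uses-permission: android.permission.WRITE_EXTERNAL_STORAGE

package: com.example.photoshare
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
"""

INTERNET = "android.permission.INTERNET"
WRITE_SD = "android.permission.WRITE_EXTERNAL_STORAGE"
PERM_RE = re.compile(r"uses-permission:\s*(?:name=')?([\w.]+)'?")

def parse_dumps(text: str) -> Dict[str, Set[str]]:
    """Map each package name to the set of permissions it declares."""
    apps: Dict[str, Set[str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            current = line.split(":", 1)[1].strip()
            apps[current] = set()
        elif current is not None:
            m = PERM_RE.match(line)
            if m:
                apps[current].add(m.group(1))
    return apps

def classify(perms: Set[str]) -> str:
    """Reading the SD card is free, so only INTERNET gates exfiltration."""
    if INTERNET in perms:
        return "can read and upload SD-card photos"
    if WRITE_SD in perms:
        return "can read and modify SD-card photos, no network"
    return "can read SD-card photos, no network, no write"

def audit(text: str) -> List[Tuple[str, str]]:
    """One (package, verdict) pair per APK, sorted by package name."""
    return sorted((pkg, classify(p)) for pkg, p in parse_dumps(text).items())

if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE_DUMPS):
        print(f"{pkg:28} {verdict}")
```

Note that the flashlight app, which asked only for location and network, ends up in the same bucket as the photo-sharing app: that is exactly the false sense of safety the post complains about.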

What Should Google Do?

I am disappointed in Google right now. At least Apple had an exploit on their hands. Google did it on purpose, just to keep things simple. Like a door-maker that makes doors without locks, because they look “cleaner”.

There are 450,000 applications in the Android Market. Let’s assume that 0.1% of those apps have been designed to take advantage of the SD card loophole. That would be about 450 apps that are specifically designed to steal your pictures. Sure, that’s completely speculative. But is it normal to have 450 apps in the wild that are built to read your private pictures? Moreover, is it normal to know about it and do nothing?

No, I am not spreading FUD just for the sake of page views. I think that the problem is very serious, and Google and Apple need to do something about it fast. Google has told NYT that they are “considering adding a permission for apps to access images”. Considering? Google, I think you should treat this as a high priority.

What do you think? Am I overreacting? How should the permission mechanism work?
